CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.

PVS-Studio for JetBrains CLion: ad astra per aspera

by Evgeniy Ovsyannikov, Sergey Vasiliev

Here's an answer to the question that we are discussing - PVS-Studio and CLion collaboration will let us detect more errors at the writing code stage. CLion highlights the errors on the fly, but at the same time is limited in the analysis capabilities. PVS-Studio doesn't highlight errors immediately, but it can perform deeper analysis. Note that PVS-Studio has an incremental analysis – the mode that checks only the changed files.

Checking a Header-Only C++ Library Collection (awesome-hpp)

by Andrey Karpov

A note for library developers. You can use PVS-Studio to check open-source projects for free. To get a free license to use with your open-source project, please fill in this form.

Getting Started with the PVS-Studio Static Analyzer for C++ Development under Linux

by Yuri Minaev

Besides strace, you can base the analysis on the compile_commands.json (JSON Compilation Database) file. Many build systems have built-in means of exporting compilation commands, or you could use the BEAR utility to do this. Here's the command to launch the analysis in this case: pvs-studio-analyzer analyze –f /path/to/compile_commands.json